summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-02-03 00:30:52 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-02-03 00:30:52 +0100
commit9f7f1ebb15a2dce507693830517bc1c0c2b6815e (patch)
treee5c1d45a64ee1979f53227b3a99fc7c6e96b97bb
parentb3066e73ff48da560ae5ba56de4c8f2e9e94d3c2 (diff)
downloadvyos-1x-9f7f1ebb15a2dce507693830517bc1c0c2b6815e.tar.gz
vyos-1x-9f7f1ebb15a2dce507693830517bc1c0c2b6815e.zip
firewall: T4178: Fix only inverse matching on tcp flags
-rw-r--r--python/vyos/firewall.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index a74fd922a..c1217b420 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -208,7 +208,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
def parse_tcp_flags(flags):
include = [flag for flag in flags if flag != 'not']
exclude = list(flags['not']) if 'not' in flags else []
- return f'tcp flags & ({"|".join(include + exclude)}) == {"|".join(include)}'
+ return f'tcp flags & ({"|".join(include + exclude)}) == {"|".join(include) if include else "0x0"}'
def parse_time(time):
out = []